Access

You are not currently logged in.

Access your personal account or get JSTOR access through your library or other institution:

login

Log in to your personal account or through your institution.

If You Use a Screen Reader

This content is available through Read Online (Free) program, which relies on page scans. Since scans are not currently available to screen readers, please contact JSTOR User Support for access. We'll provide a PDF copy for your screen reader.

THE NUMBER FIELD SIEVE FOR INTEGERS OF LOW WEIGHT

OLIVER SCHIROKAUER
Mathematics of Computation
Vol. 79, No. 269 (JANUARY 2010), pp. 583-602
Stable URL: http://www.jstor.org/stable/40590418
Page Count: 20
  • Read Online (Free)
  • Download ($34.00)
  • Subscribe ($19.50)
  • Cite this Item
Since scans are not currently available to screen readers, please contact JSTOR User Support for access. We'll provide a PDF copy for your screen reader.
THE NUMBER FIELD SIEVE FOR INTEGERS OF LOW WEIGHT
Preview not available

Abstract

We define the weight of an integer N to be the smallest ω such that N can be represented as $\sum _{i = 1}^\omega \,c_i 2^{c_i } $ , with $ \in _1 ,\,..., \in _\omega \, \in \,\{ 1,\, - 1\} $ . Since arithmetic modulo a prime of low weight is particularly efficiënt, it is tempting to use such primes in cryptographic protocols. In this paper we consider the difficulty of the discrete logarithm problem modulo a prime N of low weight, as well as the difficulty of factoring an integer N of low weight. We describe a version of the number field sieve which handles both problems. In the case that ω = 2, the method is the same as the special number field sieve, which runs conjecturally in time exp $((32/9)^{1/3} \, + \,0(1))(\log \,N)^{1/3} (\log \,\log \,N)^{2/3} $ for N → ∞. For fixed ω > 2, we conjecture that there is a constant ξ less than $(32/9)^{1/3} \,((2\omega - 3)/(\omega - 1))^{1/3} $ such that the running time of the algorithm is at most exp $(\xi \, + \,0(1))(\log \,N)^{1/3} (\log \,\log \,N)^{2/3} $ for N → ∞. We further conjecture that no ξ less than $(32/9)^{1/3} ((\sqrt {2\omega } - \,2\sqrt 2 \, + \,1)/(\omega \, - \,1)^{2/3} $ has this property. Our analysis reveals that on average the method performs significantly better than it does in the worst case. We consider all the examples given in a recent paper of Koblitz and Menezes and demonstrate that in every case but one, our algorithm runs faster than the standard versions of the number field sieve.

Page Thumbnails

  • Thumbnail: Page 
583
    583
  • Thumbnail: Page 
584
    584
  • Thumbnail: Page 
585
    585
  • Thumbnail: Page 
586
    586
  • Thumbnail: Page 
587
    587
  • Thumbnail: Page 
588
    588
  • Thumbnail: Page 
589
    589
  • Thumbnail: Page 
590
    590
  • Thumbnail: Page 
591
    591
  • Thumbnail: Page 
592
    592
  • Thumbnail: Page 
593
    593
  • Thumbnail: Page 
594
    594
  • Thumbnail: Page 
595
    595
  • Thumbnail: Page 
596
    596
  • Thumbnail: Page 
597
    597
  • Thumbnail: Page 
598
    598
  • Thumbnail: Page 
599
    599
  • Thumbnail: Page 
600
    600
  • Thumbnail: Page 
601
    601
  • Thumbnail: Page 
602
    602